Using SSH to run Linux applications remotely..
I’ve been experimenting with running a headless Ubuntu server this week and getting SSH to the box and then running Firefox. I wanted the firefox to run on the server but display on the Client PC. It’s actually quite simple to do and it’s a good way to provide some remote services.
With X11 forwarding
The SSH protocol has the ability to securely forward X Window System applications over your encrypted SSH connection, so that you can run an application on the SSH server machine and have it put its windows up on your local machine without sending any X network traffic in the clear.
To enable x forwarding, you have two ways:
-
with the openssh package of Cygwin
With openssh
-
Make sure you have the openssh package installed.
-
Launch Cygwin/X
-
In an X terminal, you can run the following in an X terminal:
$ ssh -Y username@remote_hostname_or_ip_address
where the Y parameter enables trusted X11 forwarding. Trusted X11 forwardings are not subjected to the X11 SECURITY extension controls.
-
Enter your password when prompted by ssh.
With Putty
-
Launch Cygwin/X. Close the X terminal windows if necessaryOpen Putty and change the X11 forwarding configuration as below:
The X display location box is blank by default, which means that PuTTY will try to use a sensible default such as :0, which is the usual display location where your X server will be installed.
Launch remote X clients
From Putty of OpenSsh, you have now a ssh connection and you can now launch remote X clients in your session. For example:
$ firefox&
will launch an x terminal running on your remote host that will display on your Cygwin/X screen.
By appending & to the command name, the remote clients start in the background and you don’t have to open several others ssh sessions.
Without X11 forwarding
Without the X11 forwarding, you are subjected to the X11 SECURITY and then you must:
In this example:
-
192.168.2.223 is the IP of the server
-
192.168.2.2 is the IP of the local computer where the x server is installed
gerardnico@gerardnico01 ~ $ xhost 192.168.2.223 192.168.2.223 being added to access control list gerardnico@gerardnico01 ~ $ ssh -l root 192.168.2.223 root@192.168.2.223s password: Last login: Sat May 22 18:59:04 2010 from rixni01.cornac.net [root@oel5u5 ~]# export DISPLAY=192.168.2.2:0.0 [root@oel5u5 ~]# echo $DISPLAY 192.168.2.2:0.0 [root@oel5u5 ~]# xclock&
Then the xclock application must launch.
By starting the remote clients in the background, by appending & to the command name (xclock&), you don’t have to open several ssh sessions.
Support
If when you don’t use the X forwarding method by using xhost, you:
-
forgot to add the remote server to your authorized list
-
gave a bad IP/name of your remote server
you will then receive this error:
[root@oel5u5 ~]# xclock& Xlib: connection to "192.168.2.2:0.0" refused by server Xlib: No protocol specified Error: Can''t open display: 192.168.2.2:0.0
To resolve this error, exit your ssh session, use the xhost command to add the remote server to your authorized list and follow again the complete process.
Thank you mate!!
I was using -X
All good for me now!
ssh -Y -p 2992 -i ~/.ssh/mycert-priv user@192.168.1.2
Anyone else having cert password probs. I found the cert HAS to be generated in cygwin. I could not use my existing cert on the windows machine.